[openid-specs-rande] SAML to OIDC mapping specification
Mischa Salle
msalle at nikhef.nl
Thu Mar 11 20:29:42 UTC 2021
Hi,
On Thu, Mar 11, 2021 at 01:28:42PM +0100, Etienne Dysli Metref wrote:
> On 11.03.21 11:17, Paul Millar wrote:
> >> I fully agree with Niels. We should absolutely not allow both in one
> >> spec. It will be confusing, expensive to maintain and expensive on a
> >> performance level.
> >
> > Another aspect (hinted at by Niels) is that this would allow a token to
> > have inconsistent information. If the same assertion appears twice (as
> > camelCase and as snake_case), the values could be different. The
> > behaviour, under such circumstances, could be undefined and therefore
> > implementation-specific.
>
> Good point! A specification that leaves the door open to such undefined
> behaviour would be bad.
>
> I agree with Niels and Mischa that having an unclear specification is
> undesirable. However, the performance argument is bogus until someone
> provides actual data.
if a consumer of a JWT needs to translate one into the other, there is a
performance penalty. It might be small, but it is still a waste since
there shouldn't be a need in the first place.
Mischa
--
Nikhef Room H155
Science Park 105 Tel. +31-20-592 5102
1098 XG Amsterdam Fax +31-20-592 5155
The Netherlands Email msalle at nikhef.nl
__ .. ... _._. .... ._ ... ._ ._.. ._.. .._..
More information about the openid-specs-rande
mailing list